Report - miztv.shop/tele/stream-436.php

Report Overview

Submitted URL
miztv.shop/tele/stream-436.php
IP
188.114.96.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-08 02:37:01
Access
public
Website Title
miztv.shop/tele/stream-436.php
Final URL
miztv.shop/tele/stream-436.php
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
miztv.shop	unknown	unknown	No data	No data	876 B	12 kB	188.114.96.1
quartaherbist.com	unknown	unknown	No data	No data	408 B	1.5 kB	188.42.247.212
thefacux.com	unknown	2022-10-25	2022-10-25	2024-04-09	821 B	34 kB	139.45.197.238
code.jquery.com	634	2005-12-10	2012-05-21	2024-05-07	411 B	32 kB	151.101.2.137
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-05-07	881 B	16 kB	151.101.129.229
lewblivehdplay.ru	unknown	unknown	No data	No data	898 B	382 kB	104.21.23.20
c.adsco.re	16577	2017-02-14	2017-11-29	2024-05-07	382 B	1.3 kB	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-08	medium	quartaherbist.com	Sinkholed
2024-05-08	medium	thefacux.com	Sinkholed
2024-05-08	medium	thefacux.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	www.xadsmart.com/qitocg/l/vzabuto_calendar.min.js	37 kB	2024-05-08	2024-05-08
Pretty URL www.xadsmart.com/qitocg/l/vzabuto_calendar.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 04:37:09 Last Seen2024-05-08 04:37:10 Times Seen1 Hash 1ccaf294ebca37e4ee244eb80f55d4c7 c0b375b70e7b7dca94481f0959f4bef679636067 6f88880a838fe2284dac66bd401d9fe40746c452ebdb06aa9808d93f94a4da4a Loading...

	miztv.shop/tele/stream-436.php	976 B	2024-05-08	2024-05-08
Pretty URL miztv.shop/tele/stream-436.php IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-08 04:37:10 Last Seen2024-05-08 04:37:10 Times Seen1 Hash b0ac78f86821b2289bf4a6ff5557adcc 56cf4a28e26ebb13ffa8c09af9f6e48bb660350f 0a5b02cdccee10843209c8be33a4b82ee30fd26ac13132f053ed4c07a6182855 Loading...

	miztv.shop/tele/stream-436.php	424 B	2024-04-28	2024-05-08
Pretty URL miztv.shop/tele/stream-436.php IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-28 22:55:22 Last Seen2024-05-08 04:37:10 Times Seen2 Hash a3b30f7a4f58dcb1d02813b888040356 9b156cdba9579b0d727661b4b26ae83a041a29f1 2f351648bf0dc1e67fdddde1db061175dcfeb5b5321c350101ddc27ca9a39098 Loading...

	lewblivehdplay.ru/premiumtv/daddyhd.php?id=436	46 B	2023-07-23	2024-05-19
Pretty URL lewblivehdplay.ru/premiumtv/daddyhd.php?id=436 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-23 19:35:27 Last Seen2024-05-19 14:02:36 Times Seen58 Hash 4e1e753f543ab69894b98c449e10234d 8ed53684f57e4c1e60ef3de40bf48d9e692fd3f1 1a0a20c8c7ace362f60bd79417d8bd1d5ab34fecd8bd335e7aa1bd3952d84db9 Loading...

	unknown	34 B	2023-04-11	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:16:40 Last Seen2024-05-19 21:23:29 Times Seen77708 Hash 572cb94037fffc2a0a53b465972e15f1 0d679b041a7c1ca45cc99e2d229fc2b86762838d 6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35 Loading...

	miztv.shop/tele/stream-436.php	66 kB	2024-04-28	2024-05-08
Pretty URL miztv.shop/tele/stream-436.php IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-28 22:55:22 Last Seen2024-05-08 04:37:10 Times Seen2 Hash 3e37e03b12efc5e8f7d7ed031233aed7 331b90d297c5e79d050d0622897a0226fb8db0e9 caea40304682facaa770dd098a954a8fce65ca55c6a78fb18f94253338f841ec Loading...

	unknown	5 B	2023-03-07	2024-05-19
Pretty Introduced by javascriptURL Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-05-19 21:08:07 Times Seen15284 Hash 68934a3e9455fa72420237eb05902327 7cb6efb98ba5972a9b5090dc2e517fe14d12cb04 fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa Loading...

	lewblivehdplay.ru/premiumtv/daddyhd.php?id=436	82 kB	2024-04-26	2024-05-19
Pretty URL lewblivehdplay.ru/premiumtv/daddyhd.php?id=436 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 01:43:46 Last Seen2024-05-19 14:02:36 Times Seen21 Hash 7173872d985b3515c5997342838528f8 d7f7f0e91674b4cf0c9972058e6137f2eaf10367 1d5e36529f31b56eebb0438d876e2bd5a1c05ecd23ab9443829614ddd609fd75 Loading...

	thefacux.com/tag.min.js	90 kB	2024-05-07	2024-05-08
Pretty URL thefacux.com/tag.min.js IP 139.45.197.238 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 06:18:20 Last Seen2024-05-08 13:13:48 Times Seen53 Hash adb1154d25ea3c93d9fd4f621fc6683e 8c4aedc566b2d788823febd93692d84d511cc538 fbac7039a741589bf52c73a346760ee23c8a3c72f474a29a1dfd1496aa9effe3 Loading...

	miztv.shop/tele/stream-436.php	444 B	2024-04-28	2024-05-08
Pretty URL miztv.shop/tele/stream-436.php IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-28 22:55:22 Last Seen2024-05-08 04:37:10 Times Seen2 Hash 767f6c13442185888df443a3a9c7fcd4 94c8a2b2bca628dad78c938cb97e21efddab1ef7 7a47286f939d35af4052fde589976335504e81a4a1f56dd29789b7f9c0bb3632 Loading...

	quartaherbist.com/rajJs8QOI9CknaS/69521	0 B	2023-03-07	2024-05-19
Pretty URL quartaherbist.com/rajJs8QOI9CknaS/69521 IP 188.42.247.212 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 21:37:00 Times Seen37844159 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 73497a37c3561adbd8ce84e4f017b368	9 B	2023-03-07	2024-05-19
Pretty Observations First Seen2023-03-07 01:03:23 Last Seen2024-05-19 21:14:37 Times Seen2482 Hash 73497a37c3561adbd8ce84e4f017b368 9193ae73cb3dd2833be8c942714d5544bfb628c9 9312a1adbbf0a4c05fc296d158ec3bd39acfe50e9e98ff02688139aad6fc3351 Loading...

HTTP Transactions (11)

URL IP Response Size

miztv.shop/tele/stream-436.php

188.114.96.1

0 B

URL
miztv.shop/tele/stream-436.php
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /tele/stream-436.php HTTP/1.1
Host: miztv.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://miztv.shop/tele/stream-436.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 02:36:38 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hSjqbZhWWitS%2FJAxlZrfXa%2FD9l%2FrkvjuDf8dZeXY%2BWosKb5SFAwXGClhMjCPT9Mj7%2F5U9zd9g3FharmT1QdcYtqhF2yMu0ezdqVyWXIFY5VluR0%2BiRebHeTR9qyq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880610330c9eb515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

quartaherbist.com/rajJs8QOI9CknaS/69521

188.42.247.212

20 B

URL
quartaherbist.com/rajJs8QOI9CknaS/69521
IP
188.42.247.212:0
ASN
#7979 SERVERS-COM

File type
gzip compressed data, from Unix
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rajJs8QOI9CknaS/69521 HTTP/1.1
Host: quartaherbist.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://miztv.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 May 2024 02:36:38 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://miztv.shop
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Thu, 09-May-2024 02:36:38 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Thu, 09-May-2024 02:36:38 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

thefacux.com/tag.min.js

139.45.197.238

28 kB

URL
thefacux.com/tag.min.js
IP
139.45.197.238:0
ASN
#9002 RETN Limited

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
28 kB (28333 bytes)
Hash
adb1154d25ea3c93d9fd4f621fc6683e
8c4aedc566b2d788823febd93692d84d511cc538
fbac7039a741589bf52c73a346760ee23c8a3c72f474a29a1dfd1496aa9effe3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: thefacux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://miztv.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 02:36:38 GMT
content-type: text/javascript; charset=utf-8
content-length: 28333
content-encoding: br
x-trace-id: 494ee91f5311036c50c0c9b782ff3a34
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Tue, 07 May 2024 03:12:07 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.6.0.min.js

151.101.2.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.2.137:443
ASN
#54113 FASTLY

Requested by
https://lewblivehdplay.ru/premiumtv/daddyhd.php?id=436
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (30875 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lewblivehdplay.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 08 May 2024 02:36:38 GMT
age: 991979
x-served-by: cache-lga21931-LGA, cache-hel1410029-HEL
x-cache: HIT, HIT
x-cache-hits: 3, 77929
x-timer: S1715135799.692511,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/disable-devtool@latest

151.101.129.229

200 OK

6.7 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/disable-devtool@latest
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://lewblivehdplay.ru/premiumtv/daddyhd.php?id=436
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (17245)
Size
6.7 kB (6741 bytes)
Hash
f71da0117b47fe056c382d44f7c1af53
c384c695d7a74e1e4272b13f9d5942d0f24d099d
2a741550c18b132b0ef573f818fc79d6c09169be71d538b968ceac551c178ad3

HTTP Headers

GET /npm/disable-devtool@latest HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lewblivehdplay.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.3.7
x-jsd-version-type: version
etag: W/"4372-w4TGldenTh5CcrE/nVlC0PJNCZ0"
content-encoding: br
accept-ranges: bytes
date: Wed, 08 May 2024 02:36:38 GMT
age: 33000
x-served-by: cache-fra-eddf8230055-FRA, cache-hel1410020-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 6741
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/p2p-media-loader-hlsjs@latest/build/p2p-media-loader-hlsjs.min.js

151.101.129.229

8.1 kB

URL
cdn.jsdelivr.net/npm/p2p-media-loader-hlsjs@latest/build/p2p-media-loader-hlsjs.min.js
IP
151.101.129.229:0
ASN
#54113 FASTLY

Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (26814)
Size
8.1 kB (8149 bytes)
Hash
835f1f7feab838f171c6334abc3d14da
68b97b433d37600647338e57f4344e5e1faf6246
189334d0a898e2aa16794cdd1ea47a0e7c1750578173b25033049fafdf55f2a4

HTTP Headers

GET /npm/p2p-media-loader-hlsjs@latest/build/p2p-media-loader-hlsjs.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lewblivehdplay.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.6.2
x-jsd-version-type: version
etag: W/"68bf-aLl7Qz03YAZHM45X9DROXh+vYkY"
content-encoding: br
accept-ranges: bytes
date: Wed, 08 May 2024 02:36:38 GMT
age: 3286
x-served-by: cache-fra-eddf8230045-FRA, cache-hel1410020-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 8149
X-Firefox-Spdy: h2

lewblivehdplay.ru/blast.js

104.21.23.20

200 OK

30 kB

URL GET HTTP/3
lewblivehdplay.ru/blast.js
IP
104.21.23.20:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lewblivehdplay.ru/premiumtv/daddyhd.php?id=436
Certificate
IssuerGoogle Trust Services LLC
Subjectlewblivehdplay.ru
FingerprintE5:63:63:3C:E5:C6:30:8E:0C:DD:AD:C8:48:A8:98:66:AD:75:45:84
ValidityThu, 11 Apr 2024 12:29:56 GMT - Wed, 10 Jul 2024 12:29:55 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
30 kB (30016 bytes)
Hash
091faec928970e76d37a3601c19fcf8a
6441e8eebe90eb8d4a40e7c25440ff99caba3520
eb06375118b1eb73f43b8f1851472008f84999a1b27359c075bf5da6feef9a12

HTTP Headers

GET /blast.js HTTP/1.1
Host: lewblivehdplay.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lewblivehdplay.ru/premiumtv/daddyhd.php?id=436
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 02:36:38 GMT
content-type: application/javascript
last-modified: Sun, 03 Mar 2024 13:23:46 GMT
etag: W/"65e479e2-13040"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5264
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EfFVcgIlzqdMmJBnofy56u4VUH4187qvwfs7Kum9s60GjTD8AV95qs46rPVEEF52rkMelGLYMXlF6WDnyuLySyGlFqyySiVG14%2FKAhkS6zAFQbpwE9A996cZNbkxQqn55JFDaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880610357a2b56a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

miztv.shop/favicon.ico

188.114.96.1

404 Not Found

11 kB

URL GET HTTP/3
miztv.shop/favicon.ico
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://miztv.shop/tele/stream-436.php
Certificate
IssuerGoogle Trust Services LLC
Subjectmiztv.shop
Fingerprint28:56:7C:8F:B6:8F:35:C4:04:34:5E:86:FC:66:4A:BB:AA:60:EE:2F
ValidityTue, 16 Apr 2024 20:34:40 GMT - Mon, 15 Jul 2024 20:34:39 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
11 kB (11410 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: miztv.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://miztv.shop/tele/stream-436.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Wed, 08 May 2024 02:36:39 GMT
content-type: text/html
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G6C0T60R3FzBSf%2FIXzL%2F8bfPifW75A6FQ2YRG2Y6InVoExGhHuUPKzj4EuPlVcPntKNEWErQYH2DnO7SkW7yT6MDrH6Lr%2BEDauYhWlwJ1bZMQkifN%2B8DGwV6SAYU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880610374fa5b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

thefacux.com/5/6712285/?oo=1&aab=1

139.45.197.238

200 OK

2.9 kB

URL GET HTTP/2
thefacux.com/5/6712285/?oo=1&aab=1
IP
139.45.197.238:443
ASN
#9002 RETN Limited

Requested by
https://miztv.shop/tele/stream-436.php
Certificate
IssuerLet's Encrypt
Subjectthefacux.com
Fingerprint88:7A:EA:E7:E7:B7:8C:02:8B:63:43:15:3E:B7:23:59:0D:81:83:4D
ValidityTue, 07 May 2024 05:12:17 GMT - Mon, 05 Aug 2024 05:12:16 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3128), with no line terminators
Size
2.9 kB (2880 bytes)
Hash
bc86143469f478617c26dc4d50a368aa
64f52970471fc15c1c159580110692c21c971c55
498cb4a21543838c5684b4dfa06628e0cddd13b09da71052075793ed9a6f8a78

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6712285/?oo=1&aab=1 HTTP/1.1
Host: thefacux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://miztv.shop
DNT: 1
Connection: keep-alive
Referer: https://miztv.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 02:36:38 GMT
content-type: application/json
x-trace-id: dc3ec57ad57140a2df0094c41c13592e
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://miztv.shop
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0080565711464874e23aa9021289333d; expires=Thu, 08 May 2025 02:36:38 GMT; path=/; secure; SameSite=None
oaidts=1715135798; expires=Thu, 08 May 2025 02:36:38 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

c.adsco.re/

0.0.0.0

0 B

URL GET
c.adsco.re/
IP
0.0.0.0:0
ASN
#0

Requested by
https://miztv.shop/tele/stream-436.php
Certificate
IssuerSectigo Limited
Subject*.adsco.re
Fingerprint40:64:05:9C:99:0A:1E:9F:A7:49:61:8E:86:4C:4B:06:9C:73:83:73
ValiditySat, 23 Sep 2023 00:00:00 GMT - Sun, 29 Sep 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: c.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://miztv.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 02:36:38 GMT
content-type: text/html
cache-control: public, max-age=2678400
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
permissions-policy: ch-ua=(self "https://adsco.re"),ch-ua-mobile=(self "https://adsco.re"),ch-ua-full-version=(self "https://adsco.re"),ch-ua-platform=(self "https://adsco.re"),ch-ua-platform-version=(self "https://adsco.re"),ch-ua-arch=(self "https://adsco.re"),ch-ua-model=(self "https://adsco.re"),ch-device-memory=(self "https://adsco.re"),ch-downlink=(self "https://adsco.re"),ch-ect=(self "https://adsco.re"),ch-rtt=(self "https://adsco.re"),ch-width=(self "https://adsco.re"),ch-viewport-width=(self "https://adsco.re"),ch-dpr=(self "https://adsco.re")
link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=preconnect
expires: Sat, 08 Jun 2024 02:36:38 GMT
etag: W/"oLR1xl/tMSq6jXxDoMvJKA=="
cf-cache-status: HIT
age: 202796
vary: Accept-Encoding
server: cloudflare
cf-ray: 88061034bc64568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

lewblivehdplay.ru/p2p-media-loader-core.min.js

104.21.23.20

200 OK

350 kB

URL GET HTTP/3
lewblivehdplay.ru/p2p-media-loader-core.min.js
IP
104.21.23.20:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lewblivehdplay.ru/premiumtv/daddyhd.php?id=436
Certificate
IssuerGoogle Trust Services LLC
Subjectlewblivehdplay.ru
FingerprintE5:63:63:3C:E5:C6:30:8E:0C:DD:AD:C8:48:A8:98:66:AD:75:45:84
ValidityThu, 11 Apr 2024 12:29:56 GMT - Wed, 10 Jul 2024 12:29:55 GMT

File type
JavaScript source, ASCII text, with very long lines (505), with CRLF line terminators
Size
350 kB (350181 bytes)
Hash
456780886716e31a2c5031869a56024d
9ddf91b9e4e6321fbb0d0160f386203d326092fb
97ba329694ba923bc5d7d93e051cf0ecdc8121d4488adb52b682a646b3721511

HTTP Headers

GET /p2p-media-loader-core.min.js HTTP/1.1
Host: lewblivehdplay.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lewblivehdplay.ru/premiumtv/daddyhd.php?id=436
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 02:36:38 GMT
content-type: application/javascript
last-modified: Mon, 18 Mar 2024 17:15:39 GMT
etag: W/"65f876bb-557e5"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5264
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PjFeC%2FZa7KApoYPPxZGDabswekOtkVORck22lfeFJp0ImIs2kClU11NG2gaQRobboHYXebujUv1O1EvCe5g3Pq1vbT9wAJYGEwUeyXtGVPqdFgk5V9cgimMM6Qbbb0Po%2BclM0w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880610357a2c56a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by